npm Security Intelligence

Security Risk Score for Every npm Package

Instantly analyze any npm package for security risks — maintainer activity, CVE history, suspicious code patterns, and more. Protect your supply chain before it's too late.

  • Real-time CVE lookup
  • Maintainer activity scoring
  • API access included

Pro Plan

$15/mo

Everything you need to secure your dependencies

  • Unlimited package scans
  • Real-time vulnerability alerts
  • Maintainer trust scoring
  • Code pattern analysis
  • REST API access
  • CI/CD integration support
  • Email security digests

Frequently Asked Questions

How is the security score calculated?

We combine CVE vulnerability history, maintainer commit frequency, package age, download trends, and static code pattern analysis into a single 0–100 risk score updated in real time.

Can I integrate this into my CI/CD pipeline?

Yes. Every Pro plan includes full REST API access with JSON responses, making it easy to block deployments when a package score drops below your threshold.

What npm registries are supported?

We support the public npmjs.com registry today, with support for private registries and GitHub Packages on the roadmap for enterprise customers.